350 likes | 639 Views
DoD IA Education, Training, Awareness Products . Maryann Dennehy DISA/GO434, (703) 882-1716 DennehyM@ncr.disa.mil March 2004. Agenda. Mission Authorities Approach Categories of Products New Products Under Development Videos Order Products Online, POCs. MISSION.
E N D
DoD IA Education, Training, Awareness Products Maryann Dennehy DISA/GO434, (703) 882-1716 DennehyM@ncr.disa.mil March 2004
Agenda • Mission • Authorities • Approach • Categories of Products • New Products • Under Development • Videos • Order Products Online, POCs
DoD ETA Mission • Provide standardized DoD-level IA products for Combatant Commands / Services/Agencies to integrate into their IA Education, Training & Awareness (ETA) programs • Develop products to support the DoD-wide IA career field or professional / certification programs • Assist other DoD components in developing and / or conducting IA training activities • Support DoD and Federal IA ETA outreach programs (HSPD-7)
Authorities • DOD Instruction 8500.01 Information Assurance -Require the Director, DISA to develop and provide IA training and awareness products. • DOD Instruction 8500.02 Information Assurance Implementation -The Director, DISA shall develop and provide IA training and awareness products, and a distributive training capability to support product delivery. • CJCSI 6510.01C(1 May 01, Enclosure B, Pg. B-12) -The Director, DISA will develop an IA and INFOSEC education, training, and awareness program, guidelines, computer-based training and distributive courses and products for use by other DOD components in coordination with other DOD components as required, and assist other DOD components in developing and/or conducting IA and INFOSEC training activities • IA/IT/HR/IPT(February 2000, implemented by DEPSECDEF Memo, 14 Jul 00) -DISA shall develop baseline IA training courses to meet the IA training requirements stipulated in the IPT certification documents.
Derivation of Requirements Requirements Gathered From • ASD (NII), Director, IA, DIAP • IA ETA Forums, Working Groups • Service HQs IA Program Offices • Operators • DoD CERT • Other DISA entities (e.g., PKI) • Feedback from Training Organizations • Service schools • Service & agency training organizations • DISA/FSO trainers
Prioritization of Requirements Priorities established in coordination with • ASD(NI2), Director IA, DIAP • DISA FSO Prioritization considerations • Certification requirements • Magnitude of need • Availability of funding • Availability of content • Availability of external funding Factors bearing on prioritization • Command decision • Rapid transition to new technology impacting existing media products • Emergence of new IA policies/concepts
Approach • DOD-centric with focus on commonality across organizational lines • Collaborate with other Federal agencies using their dollars to create products that support their unique training programs
CATEGORIES OF PRODUCTS
Categories of Products Personnel Certification • Used by some Combatant Commands/Services/Agencies for various levels of certification for SAs, IAOs, IAMs, etc. Professionalization • Intended for use by IA professionals, • (SA, IAO, IAM) to build professional competence Support to Warfighter • Present basic concepts to the Warfighter, and to aid the Warfighter in becoming more technically sound
Personnel Certification 1999 CINDY Silver Award; Three New Media Invision Gold Awards • DoD Information Assurance Awareness • Information Assurance Policy & Technology (IAP&T) (formerly OISS) • Windows NT Security • UNIX Security • CyberProtect
Professionalization Mapped 100% to NSTISSI 4015 • Designated Approving Authority (DAA) • DITSCAP • SSAA Preparation Guide • Certifiers Fundamentals • Web Security • Database Security • System Admin Incident Prep & Response – UNIX • System Admin Incident Prep & Response – Win NT • System Defender
Support to the Warfighter • Information Operations Fundamentals • Defense in Depth • Information Age Technology • Computer Network Defense • Public Key Infrastructure • IA for Auditors & Evaluators • Active Defense – An Executive’s Guide to IA • Introduction to CIRT Management
All Products • Currently available for ordering via IASE at http://iase.disa.mil/eta • Web-deliverable • ADA Section 508 Compliant • Available at no cost • Cleared for “Open Release” by DoD
NEW PRODUCTS
System Defender Teaches a methodology of proactive defense through practice using scenarios • Defines training gaps • Web-based only • Easy to update • Tracks students via web server/LMS • Compatible with ADA 508 requirements. • Audience includes SAs, IAOs, IAMs, Net Admins with Level 2 experience. Demo available at DISA IA Training Products Booth
IA Policy & Technology (IAP&T) • Policy and technology overview in accordance with DOD guidance pertaining to the defense of information systems • Topics include: • Information Security Overview • System Modes and Evaluation Criteria • Workstation Security • Network Security • Identifying and Reporting Incidents • Protecting Information Systems • Managing Information Systems Security • Audience is IAOs, IAMs or SAs Demo available at DISA IA Training Products Booth
SSAA Preparation Guide • Contains guidance on completion of the SSAA • Product is useful for preparation of an SSAA using the National Information Assurance Certification and Accreditation Process (NIACAP), NSTISSI No. 1000 • Provides overview of the DITSCAP • Uses DITSCAP outline (DoD 8510.1M) • Audience is IAMs, IAOs, SAs, Auditors Demo available at DISA IA Training Products Booth
Firewall and Router Basics • Introduction to the security aspects of firewalls and routers • Addresses the operation and maintenance of secure information systems and networks within a networked environment • Audience is SAs, network adminis and users working toward obtaining Level 1 SA certification • Topics include • Internetworking Overview • Firewall Fundamentals • Router Fundamentals Demo available at DISA IA Training Products Booth
Telework • Instructs users on current DoD policies and guidelines for utilizing the Telework program
Wireless Networking Security • Instructs users on current DoD policies and guidelines for utilizing wireless networks
Windows 2000 System Administrator • Security as it pertains to Windows 2000, both server and workstation • Shows various ways to secure Windows 2000 systems and addresses current vulnerabilities • Addresses Gold Standard • Audience includes SAs, IAOs, IAMs, and Network Administrators • Currently in Beta Review
Cyber OPS (Net Builder) • Multi-year collaborative effort with USMA • Modular IA exercise as an academic classroom, technical training and information warfare exercise support tool • Each module increases depth and realism of exercise play, using a building block approach Net Builder (2 yrs) Players create networks using generic hardware, software, and connection tool suites within allocated resources Net Defender Uses computer-generated attack sequences to test network defenses developed by exercise players Net Assurer Explores the impact of available IA personnel (SAs, IAMs, IAOs, and DAAs) on the efficiency of system operation Net Warrior Red Team – Blue Team exercise play defending or attacking previously created, defended, and staffed networks
Cyber Law • For government lawyers who need to understand legal and policy issues, both current and emerging, associated with IA and CIP/Homeland Security • Topics include: • Basic understanding of the Internet • Basic tenets of Information Assurance • Definition of Computer Crime • Discussion of First and Fourth Amendments • Presentation of statutory considerations to be applied during investigations • Discussion of four “Lanes in the Road” pertinent to CND • References for following evolving areas of the law in cyberspace • Audience: Combatant Commands/Components SJA; Regional JAGs; IA, IO, CIP and Intel specialists; SAs, IAOs, DAAs, Red Teams, CERTs, web developers
IA Videos Compilation Series 1 • Networks at Risk (NCS) (10 min) • The Information Front Line (IC) (10 min) • Bringing Down the House (IC) (11 min) • Computer Security 101 (DOJ) (~10 min) • Computer Security: The Executive Role (DOJ) (~10 min) • Safe Data - Its Your Business (DOL) (18 min) • Think Before You Respond (USGov) (3 min) • Protect Your AIS (USGov) (6 vignettes) • Protect Your AIS -The Sequel (USGov) (30 min) • Doctor D Stroye (USGov) (7 min) • The Scarlet V (USGov) (7 min)
IA Videos Compilation Series 2 • Ears Looking at You (USGov) (8 min) • Just the Fax (USGov) (7:51 min) • Bits and Pieces (USGov) (4:30 min) • Magnificent Discretion (USGov) (5:02 min) • Sherman on My Mind (USGov) • Identity Theft – Protect Yourself (USN) Understanding PKI Solar Sunrise: Dawn of a New Threat* • (NACIC, NIPC, FBI) (18 min) Risky Business* • (NACIC, FBI) (~20 min) * Government only. All others contact http://www.nacic.gov.
ORDER INFORMATION
Order Products Online For product order form, product descriptions, and frequently asked questions/product notes: • Web: http://iase.disa.mil/infosec Sign up for automatic e-mail notification of new products • E-mail: dodiaeta@ncr.disa.mil • Ms. Emillie Quan QuanE@ncr.disa.mil (703) 882-1709 COM / 381-1709 DSN • Ms. Maryann Dennehy DennehyM@ncr.disa.mil (703) 882-1716 COM / 381-1716 DSN
DoD IA Education, Training, Awareness Products Maryann Dennehy DISA/GO434, (703) 882-1716 DennehyM@ncr.disa.mil March 2004